US20120297468A1 - Techniques for accessing a backup system - Google Patents
Techniques for accessing a backup system Download PDFInfo
- Publication number
- US20120297468A1 US20120297468A1 US13/109,064 US201113109064A US2012297468A1 US 20120297468 A1 US20120297468 A1 US 20120297468A1 US 201113109064 A US201113109064 A US 201113109064A US 2012297468 A1 US2012297468 A1 US 2012297468A1
- Authority
- US
- United States
- Prior art keywords
- logon
- client device
- website
- backup
- backup server
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 36
- 230000037361 pathway Effects 0.000 claims abstract description 52
- 230000004044 response Effects 0.000 claims abstract description 33
- 238000004590 computer program Methods 0.000 claims description 8
- 235000014510 cooky Nutrition 0.000 claims description 6
- 230000006854 communication Effects 0.000 description 28
- 238000010586 diagram Methods 0.000 description 5
- 230000008859 change Effects 0.000 description 4
- 230000003213 activating effect Effects 0.000 description 3
- 230000000694 effects Effects 0.000 description 2
- 230000000246 remedial effect Effects 0.000 description 2
- 230000004913 activation Effects 0.000 description 1
- 238000003491 array Methods 0.000 description 1
- 230000007175 bidirectional communication Effects 0.000 description 1
- 230000007812 deficiency Effects 0.000 description 1
- 230000006870 function Effects 0.000 description 1
- 238000009434 installation Methods 0.000 description 1
- 230000001788 irregular Effects 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 230000000737 periodic effect Effects 0.000 description 1
- 230000002085 persistent effect Effects 0.000 description 1
- 230000008569 process Effects 0.000 description 1
- 238000013515 script Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/18—Network architectures or network communication protocols for network security using different networks or channels, e.g. using out of band channels
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/07—Responding to the occurrence of a fault, e.g. fault tolerance
- G06F11/14—Error detection or correction of the data by redundancy in operation
- G06F11/1402—Saving, restoring, recovering or retrying
- G06F11/1446—Point-in-time backing up or restoration of persistent data
- G06F11/1458—Management of the backup or restore process
- G06F11/1464—Management of the backup or restore process for networked environments
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/40—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass for recovering from a failure of a protocol instance or entity, e.g. service redundancy protocols, protocol state redundancy or protocol service redirection
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/07—Responding to the occurrence of a fault, e.g. fault tolerance
- G06F11/14—Error detection or correction of the data by redundancy in operation
- G06F11/1402—Saving, restoring, recovering or retrying
- G06F11/1446—Point-in-time backing up or restoration of persistent data
- G06F11/1458—Management of the backup or restore process
- G06F11/1469—Backup restoration techniques
Definitions
- a conventional computerized environment may include computers which periodically backup their information to a backup site.
- each computer is typically equipped with a backup service which sends information to be backed up to the backup site at periodic intervals (e.g., daily, hourly, etc.).
- a backup technician typically installs backup service software on each computer.
- One conventional backup service software package includes a random number generator routine to provision each computer, during installation/setup time, with a random number which uniquely identifies that computer to the backup site.
- a computer After a computer has backed up information to the backup site, if an operator of the computer wishes to restore certain information from the backup site to that computer, the operator requests a username and password from the backup technician. The backup technician then assigns a username and a password to the operator. Using the username and the password assigned to the operator by the backup technician, the operator then logs into the backup site from that computer and directs the backup site to restore that information back on to that computer.
- improved techniques involve acquiring a logon token from a backup server through a pre-established secure data pathway between a client device and the backup server.
- the logon token can then be used to logon a user to a website having certain control of the backup server (e.g., to restore data from the backup server).
- Such improved techniques are less burdensome, i.e., they alleviate the need for intervention by a backup technician to assign usernames and passwords.
- such techniques offer minimal latency in obtaining access to the backup server through the website, e.g., time is not wasted searching for a backup technician, explaining the need for a username and password in order to restore information, and waiting for the backup technician to assign a username and password.
- One embodiment is directed to a method of accessing a backup system.
- the method which is performed in a client device, includes receiving a logon command to logon a user to a website of the backup system.
- the backup system includes (i) a backup server and (ii) a web server which hosts the website to enable the user to control settings of the backup server.
- the method further includes, sending, in response to receiving the logon command, a token request to the backup server through a pre-established secure data pathway between the client device and the backup server. Data is periodically backed up from the client device to the backup server through the pre-established secure data pathway in a secure manner.
- the method further includes acquiring, in response to sending the token request, a logon token from the backup server through the pre-established secure data pathway.
- the website hosted by the web server is constructed and arranged to communicate with the backup server to determine whether the logon token is authentic when the website receives the logon token during a logon operation.
- inventions are directed to a client device, a backup system, a backup server, a web server, a computer program product, and other components of a backup environment. Additionally, other embodiments are directed to processes which are performed by the above-mentioned components of the backup environment.
- FIG. 1 is a block diagram of an electronic environment which includes a client device and a backup facility.
- FIG. 2 is a block diagram of the client device of FIG. 1 .
- FIG. 3 is a block diagram of the backup facility of FIG. 1 .
- FIG. 4 is a sequence diagram showing various communications which occur between certain components of the backup facility when a user accesses the backup facility.
- FIG. 5 is a flowchart of a procedure which is performed by a client device of the electronic environment of FIG. 1 .
- An improved technique involves acquiring a logon token from a backup server through a pre-established secure data pathway between a client device and the backup server.
- the logon token can then be used to logon a user to a website having certain control of the backup server (e.g., to restore a lost file from the backup server).
- Such an improved technique is less burdensome, i.e., the improved technique alleviates the need for intervention by a backup technician to assign a username and a password.
- such a technique provides minimal latency when obtaining access to the backup server through the website, e.g., time is not wasted searching for a backup technician, explaining the need for a username and password in order to restore information, waiting for the backup technician to assign a username and password, and so on.
- FIG. 1 shows an electronic environment 20 which enables one or more users to automatically access a backup facility in a secure manner in order to perform certain backup system operations.
- a user is able to perform various backup-related tasks (e.g., restore a file, set or modify certain backup settings, etc.) without participation of a backup technician.
- various backup-related tasks e.g., restore a file, set or modify certain backup settings, etc.
- the electronic environment 20 includes multiple client devices 22 ( 1 ), 22 ( 2 ), . . . (collectively, client devices 22 ), a backup facility 24 , and a communications medium 26 .
- the backup facility 24 (or remote backup system) includes a web server 30 and a backup server 32 .
- the web server 30 hosts a backup system website 34 which is capable of controlling (or changing) certain operational settings of the backup server 32 .
- the communications medium 26 connects to the client devices 22 , the web server 30 and the backup server 32 to enable these components of the environment 20 to exchange electronic communications 36 among each other (e.g., illustrated by the two-sided arrow 36 in FIG. 1 ).
- the communications medium 26 is illustrated as a cloud because it is capable of having a variety of topologies including hub-and-spoke, backbone, loop, irregular, a combination of the Internet and LAN(s), combinations thereof, and so on.
- a human backup coordinator configures each client device 22 to perform routine backups with the backup facility 24 .
- the backup coordinator installs and starts backup software on each client device 22 .
- the backup software provides a user of the client device 22 with an assortment of backup services 40 including, among other things, a routine backup service to routinely backup client data 42 from the client device 22 , and a restoration service to restore the client data 42 to the client device 22 .
- a routine backup service to routinely backup client data 42 from the client device 22
- a restoration service to restore the client data 42 to the client device 22 .
- the client device 22 periodically sends copies 44 ( 1 ) of the created or modified client data 42 ( 1 ) to the backup facility 24 to be backed up.
- the client device 22 periodically sends copies 44 ( 2 ) of the created or modified client data 42 ( 2 ) to the backup facility 24 to be backed up, and so on.
- the backup facility 24 safely maintains the copies 44 of the client data 42 for possible restoration, while users access the original client data 42 locally on their respective client devices 22 .
- the client devices 22 can initiate communications with the backup facility 24 through the communications medium 26 without any custom setup by the users of the client devices 22 or by the backup coordinator. Rather, each client device 22 is equipped with the ability to uniquely identify itself to the backup facility 24 (e.g., via random number generation, via network address, combinations thereof, etc.) thus enabling the backup facility 24 to distinguish the client devices 22 from each other without substantially burdening the users of the client devices 22 or the backup coordinator. Such operation enables the backup server 32 to uniquely identify each client device 22 when saving copies 44 of the client data 42 .
- the backup coordinator provisions that client device 22 (as well as the backup server 32 ) with standard cryptographic protocols (e.g., keys, certificates, etc.) to create a secure data pathway 50 between that client device 22 and the backup server 32 for secure bidirectional communications through the communications medium 26 . Accordingly, the client device 22 is then able to periodically transmit copies 44 of the client data 42 (new files/blocks, modified files/blocks, etc.) in a manner which prevents eavesdropping and/or tampering.
- the secure data pathways 50 are standard encrypted Secure Sockets Layer (SSL) and/or Transport Layer Security (TLS) connections. Such secure data pathway provisioning can occur as part of the backup software installation process, or separately from the backup software installation process.
- the client devices 22 transfer copies 44 of the client data 42 through the secure data pathways 50 in accordance with backup schedules (e.g., once a day, once an hour, every 15 minutes, customized times, etc.).
- the backup facility 24 is capable of performing restoration operations without burdening a backup coordinator, administrator or technician.
- the backup facility 24 allows users to access the backed up copies 44 of the client data 42 via the backup system website 34 using logon tokens 52 obtained from the backup server 32 in lieu of usernames and passwords assigned by a backup technician.
- the backup services 40 of a client device 22 receives a command from a user to connect to the backup system website 34 , the website obtains a logon token 52 from the backup server 32 on behalf of the user.
- the backup services 40 then activates web browser circuitry and passes the web browser circuitry (i) a URL (Uniform Resource Locator) for the backup system website 34 , (ii) an identifier of the client device 22 (e.g., a random string of symbols/characters/numbers which uniquely identifies the client device 22 among other client devices 22 ), and (ii) the logon token 52 .
- the identifier of the client device 22 is a random string, 30-40 characters long.
- the website 34 When the website 34 receives the identifier of the client device 22 and the logon token 52 , the website 34 communicates with the backup server 32 to authenticate the logon token 52 and thus authenticate the user. If authentication is successful, the website 34 properly logs on the user. However, if authentication is unsuccessful, the website 34 does not logon the user. As a result, users are able to securely retrieve the backed up copies 44 of the client data 42 without intervention by the backup technician.
- the logon token 52 are onetime use tokens. That is, such tokens can be used only once to logon thus preventing the possibility of replay attacks. Furthermore, such tokens become invalid if not used within a certain predefined expiration window of time.
- each logon token 52 is a string of symbols (e.g., six characters/numbers for easy viewing and copying via a keyboard, a string of many characters/number to make viewing and copying more difficult, and so on).
- the website 34 returns a web-based logon cookie that enables the client device 22 to access the website in a subsequent logon session without any logon token 52 and/or any username/password. Further details will now be provided with reference to FIG. 2 .
- FIG. 2 shows particular details of a computerized client device 60 which is suitable for use as any of the client devices 22 in FIG. 1 .
- the computerized client device 60 includes a user interface 62 , a network interface 64 , processing circuitry 66 , and local non-volatile storage 68 .
- the user interface 62 e.g., a keyboard, mouse and display
- the network interface 64 is constructed and arranged to connect to the communications medium 26 and thus enable the computerized client device 60 to exchange electronic communications 36 with other devices through the communications medium 26 (also see FIG. 1 ).
- the processing circuitry 66 e.g., a set of processors and memory
- the local non-volatile storage 68 e.g., magnetic disk drives, flash drives, etc.
- data e.g., files, blocks, records, etc.
- the processing circuitry 66 includes web browser circuitry 70 , other high level circuitry 72 (e.g., word processor circuitry, spreadsheet circuitry, email circuitry, etc.) for creating and/or modifying client data 42 , backup services circuitry (or backup agent) 74 , and operating system circuitry 76 .
- Such circuitry can be implemented as a set of processors running in accordance with one or more software constructs (e.g., application suites, programs, toolkits, scripts, drivers, etc.), as specialized hardware circuits (e.g., application specific integrated circuits, field programmable gate arrays, discrete components, etc.), as firmware, combinations thereof, and so on.
- a computer program product 78 is capable of delivering each software construct to the computerized client device 60 .
- the computer program product 78 has a non-transitory (or non-volatile) computer readable storage medium which stores a set of instructions which controls operation of the processing circuitry 66 .
- suitable computer readable storage media include tangible articles of manufacture and apparatus which store instructions in a non-volatile manner such as CD-ROM, flash memory, disk memory, tape memory, and the like.
- the operating system circuitry 76 effectively and efficiently allocates computerized resources (processor cycles, memory space, etc.) within the computerized client device 60 .
- the backup services circuitry 74 which receives processing time and memory from the operating system circuitry 76 , provides a variety of backup and restoration services to the user.
- the backup services circuitry 74 routinely provides copies 44 of newly created and/or modified client data 42 to the backup facility 24 through a pre-established secure data pathway 50 between the computerized client device 22 and the backup server 32 of the backup facility 24 formed through the communications medium 26 (also see FIG. 1 ).
- the backup services circuitry 74 is able to obtain a logon token 52 from the backup server 32 of the backup facility 24 on behalf of the user. The user is then able to provide the logon token 52 to the website 34 hosted by the web server 30 for authentication purposes. In this manner, the user is able to properly logon to the website 34 and gain control over certain functions of the backup server 32 , e.g., change backup settings, restore data, etc. (also see FIG. 1 ). Such activity is capable of occurring without involvement from a backup technician. Further details will now be provided with reference to FIG. 3 .
- FIG. 3 shows particular details of the backup facility 24 of the electronic environment 20 (also see FIG. 1 ).
- the web server 30 includes a network interface 80 and control circuitry 82 .
- the network interface 80 e.g., a network adapter, a network card, etc.
- the control circuitry 82 is constructed and arranged to host the website 34 .
- the backup server 32 includes a network interface 90 , control circuitry 92 , and non-volatile storage 94 .
- the network interface 90 e.g., a network adapter, a network card, etc.
- the control circuitry 92 e.g., a set of processors and memory to run specialized software is constructed and arranged to perform a variety of backup/restore operations or tasks.
- control circuitry 92 is responsible for backing up the copies 44 of the client data 42 from the client devices 22 to the non-volatile storage 94 (e.g., magnetic disk drives, flash drives, etc.) based on particular control settings 96 (e.g., a backup schedule, parameters identifying source locations to back up, and so on). Additionally, the control circuitry 94 is responsible for restoring the copies 44 of the client data 42 from the non-volatile storage 94 to the client devices 22 in response to input from the website 34 of the web server 30 .
- control settings 96 e.g., a backup schedule, parameters identifying source locations to back up, and so on.
- the control circuitry 92 of the backup server 32 includes an authentication module 98 which is capable of controlling user access.
- the authentication module 98 is constructed and arranged to provide logon tokens 52 and subsequently authenticate users attempting to logon to the backup system website 34 based on the provided logon tokens 52 . Further details about authentication of users of the website 34 will be provided shortly.
- the backup server 32 conducts secure communications 102 with the client devices 22 through pre-established secure data pathways 50 (e.g., SSL connections). Recall, that such secure data pathways 50 are set up prior to backing up the copies 44 of the client data 42 from the client devices 22 . With the pre-established secure data pathways 50 in place, backups are then performed in a secure manner thus preventing eavesdropping and tampering of the data.
- pre-established secure data pathways 50 e.g., SSL connections
- the respective pre-established secure data pathway 50 between the client device 22 and the backup server 32 is created (or re-created) prior to each backup operation performed by the client device 22 , and then destroyed at completion of each backup operation.
- Such arrangements advantageously minimize ongoing consumption of certain computerized resources (e.g., memory resources of the client device 22 ).
- the respective pre-established secure data pathway 50 between the client device 22 and the backup server 32 stays intact continuously over multiple backup operations between the client device 22 and the backup server 32 .
- Such arrangements advantageously minimize network traffic associated with creating (and destroying) the pathway 50 .
- the backup services circuitry 74 ( FIG. 2 ) of the client devices 22 are able to logon users of the client devices 22 to the backup system website 34 in response to user commands in an automated manner, i.e., without participation by a backup coordinator.
- a user of a client device 22 wishes to obtain access to the backup facility 24 to restore a file.
- the user enters a logon command into a user input/output (I/O) component of the backup services circuitry 74 , and a lower-level component of the backup services circuitry 74 responds to the logon command by requesting and receiving a logon token 52 through a secure data pathway 50 to the backup server 32 .
- I/O user input/output
- a lower-level component of the backup services circuitry 74 responds to the logon command by requesting and receiving a logon token 52 through a secure data pathway 50 to the backup server 32 .
- Such operation enables secure delivery of the logon token 52 from the backup server 32 to the client device 22 for use in
- the user I/O component of the backup services circuitry 74 activates the web browser circuitry 70 of the client device 22 to initiate web-based communications 110 between the web browser circuitry 70 and the website 34 of the web server 30 (also see the double arrow 112 in FIG. 3 ).
- the user I/O component of the backup services circuitry 74 provides the URL 114 of the website 34 , an identifier 116 of the client device 22 and the logon token 52 to the web browser circuitry 70 .
- activating the web browser circuitry 70 involves launching a web browser application.
- activating the web browser circuitry 70 involves providing an enable signal to a web browser circuit to enable normal operation of the web browser circuit.
- the web browser circuitry 70 then delivers the identifier 116 to the website 34 to uniquely identify the client device 22 to the website 34 , and the logon token 52 to authenticate to the website 34 .
- the website 34 Upon receipt of the identifier 116 and the logon token 52 from the web browser circuitry 70 of the client device 22 , the website 34 communicates with the backup server 32 to authenticate the user (see the double arrow 120 in FIG. 3 ).
- the backup server 32 determines that the logon token 52 matches the logon token 52 that it provided earlier to the backup services circuitry 74 of the particular client device 22 , the backup server 32 informs the website 34 that the user has successfully authenticated, and the website 34 properly logs on the user.
- the user is able to perform various operations such as restore a copy 44 of client data 42 from the backup server 32 to the client device 22 , change the backup schedule, change what data is backed up, and so on.
- the website 34 immediately prompts the user to formally set up a username and a password for subsequent authentication sessions before allowing the user to perform other activities.
- the website 34 provides a web-based logon cookie to the client device 22 to enable authentication without further need for a logon token 52 and/or a username/password. Other arrangements and combinations of arrangements are suitable for use as well.
- the backup server 32 determines that the logon token 52 does not match the logon token 52 that it provided earlier to the backup services circuitry 74 of the particular client device 22 , the backup server 32 informs the website 34 that authentication has failed, and the website 34 then takes remedial action. For example, the website 34 can deny further website access to the user, send a message to the backup coordinator warning of the failed authentication, and so on. Further details of the communications within the electronic system 20 will now be provided with reference to FIG. 4 .
- FIG. 4 is a sequence diagram showing particular participating portions of the electronic environment 20 .
- the backup service circuitry 74 is illustrated as having a user I/O component 150 and a lower-level component 152 since, in some arrangements, the backup service circuitry 74 is implemented in modular form. That is, in some modularized arrangements, the backup service circuitry 74 includes a user I/O module, an underlying communications (or portal) module, a data restoration module, a diagnostic module, and so on. In the context of a processor which runs a set of applications, certain modules may at times be active or inactive. For example, a user I/O module may be inactive on not invoked to save client device 22 resources.
- modules such as an underlying communications module may stay active continuously to perform background tasks and perhaps to minimize latency when it is quickly called upon for service by another module (e.g., by the user I/O module).
- the various modules are constructed and arranged to make SOAP (Simple Object Access Protocol) calls when requesting certain services.
- SOAP Simple Object Access Protocol
- the user I/O component 150 is constructed and arranged to receive user commands and output information to the user. Additionally, the lower-level component 152 is constructed and arranged to communicate with (i) the user I/O component 150 (e.g., local inter-process communications) and (ii) the backup server 32 through a pre-established secure data pathway 50 (e.g., an SSL connection through which to securely send client data, also see FIG. 3 ).
- a pre-established secure data pathway 50 e.g., an SSL connection through which to securely send client data, also see FIG. 3 ).
- GUI graphical user interface
- the user I/O component 150 of the backup services circuitry 74 receives the logon command 160 from the user and passes the logon command 160 to the lower-level component 152 of the backup services circuitry 74 .
- the backup services circuitry 74 then sends a logon token request 162 for a logon token 52 to the backup server 32 through a pre-established secure data pathway 50 between the client device 22 and the backup server 32 (also see FIG. 3 ).
- the request 162 may include an identifier 116 to conveniently identify the particular client device 22 among other client devices 22 to the backup server 32 .
- the pre-established secure data pathway 50 may be the same secure connection (e.g., use the same certificates, other access controls, etc.) that the backup services circuitry 74 utilizes when sending copies 44 of client data 42 to the backup server 32 for backing up.
- the backup server 32 In response to the request 162 for a logon token 52 , the backup server 32 provides a response 164 which includes a logon token 52 .
- the backup server 32 is able to maintain a record associating the logon token 52 with the particular client device 22 for authentication purposes. As a result, the backup server 32 is able to assign and manage logon tokens 52 for multiple client devices 22 simultaneously.
- the lower-level component 152 of the backup services circuitry 74 passes the logon token 52 up to the user I/O component 150 .
- the user I/O component 150 receives the logon token 52
- the user I/O component 150 provides data 166 which includes the logon token 52 to the web browser circuitry 70 .
- the user I/O component 150 then provides activation 166 to the web browser circuitry 70 (e.g., launches a web browser application) and provides the running web browser circuitry 70 with a URL 114 of the website 34 , the identifier 116 which identifies the particular client device 22 , and the logon token 52 .
- the web browser circuitry 70 then sends a web-based request 168 (e.g., an HTTP GET request) to the website 34 hosted by the web server 30 of the backup facility 24 .
- the web-based request 168 includes the logon token 52 and the identifier 116 .
- the website 34 When the website 34 receives the web-based request 168 from the web browser circuitry 70 of the client device 22 , the website 34 sends an authentication request 170 to the backup server 32 of the backup facility 24 .
- the authentication request 170 includes the logon token 52 and the identifier 116 .
- a secure data pathway continuously exists between the web server 30 and the backup server 32 through which the servers exchange secure communications.
- the backup server 32 responds to the authentication request 170 by comparing the received logon token 52 to the assigned logon token 52 that it provided earlier to the particular client device 22 through the pre-established secure data pathway 50 .
- the backup server 32 then provides an authentication response 172 to the website 34 indicating whether authentication is successful. In particular, if there is a match, the backup server 32 indicates that authentication is successful in the authentication response 172 . However, if there is not a match, the backup server 32 indicates that authentication has failed in the authentication response 172 .
- the website 34 Upon receipt of the authentication response 172 from the backup server 32 , the website 34 provides a web-based response 174 to the web browser circuitry 70 of the particular client device 22 .
- the web-based response 174 includes a web page indicating that the user is successfully logged in and allowing the user to control various operational settings of the backup server 32 .
- the web-based response 174 prompts the user to create a personal username and password for subsequent logon sessions before allowing the user further access to the backup server 32 .
- the web-based response 174 is different. For example, the web-based response 174 may deny access to the backup server 32 . Alternatively, the web-based response 174 may send an alarm to the backup coordinator. Other types of remedial replies are suitable for use as well. Further details will now be provided with reference to FIG. 5 .
- FIG. 5 is a flowchart of a procedure 200 which is performed by a client device 22 during operation of the electronic environment 20 (also see FIGS. 1-4 ).
- the procedure 200 is performed to logon a user to the backup system website 34 of the backup facility 24 without burdening a backup coordinator.
- the client device 22 receives a logon command 160 to logon a user to the website 34 hosted by the web server 30 of the backup facility 24 ( FIG. 1 ).
- the user may wish to control certain settings of the backup server 32 such as change a backup source location or backup frequency, or to restore client data 42 to the client device 22 .
- the client device 22 sends, in response to receiving the logon command 160 , a logon token request 162 ( FIG. 4 ) to the backup server 32 through a pre-established secure data pathway 50 between the client device 22 and the backup server 32 .
- a logon token request 162 FIG. 4
- copies 44 of client data 42 are periodically (e.g., daily, hourly, etc.) backed up from the client device 22 to the backup server 32 through the pre-established secure data pathway 50 in a secure manner.
- step 206 the client device 22 acquires, in response to sending the logon token request 162 , a logon token 52 from the backup server 32 through the pre-established secure data pathway 50 .
- the client device 22 is able to logon the user to the backup system website 34 .
- the client device 22 provides the logon token 52 to the backup system website 34 during a logon operation.
- the client device 22 sends a web-based request 168 to the backup system website 34 ( FIG. 4 ).
- the client device 22 transmits the logon token 52 through a pathway which is different than the pre-established secure data pathway 50 .
- the website 34 then communicates with the backup server 32 to determine whether the logon token 52 is authentic.
- step 210 once authentication at the website 34 has successfully completed, the client device 22 provides the user with access to the backup server 32 through the website 34 . Accordingly, the user is able to perform various backup system operations without bothering a backup coordinator. For example, the user is able to restore a particular file from the backup server 32 to the client device 22 without intervention by the backup coordinator.
- the user providing a restore command to the website 34 and the restore command directs the website 34 to carry out a restore operation on the backup server 32 through the communications medium 26 ( FIG. 1 ) to restore the particular file from the backup server 32 to the client device 22 .
- Other operations are available as well such as changing a backup parameter, creating a username and password, and so on.
- improved techniques involve acquiring a logon token 52 from a backup server 32 through a pre-established secure data pathway 50 between a client device 22 and the backup server 32 .
- the logon token 52 can then be used to logon a user to a website 34 having certain control of the backup server 32 (e.g., to restore data from the backup server).
- Such improved techniques are less burdensome, i.e., they alleviate the need for intervention by a backup technician to assign usernames and passwords.
- Such techniques offer minimal latency in obtaining access to the backup server 32 through the website 34 , e.g., time is not wasted searching for a backup technician, explaining the need for a username and password in order to restore information, waiting for the backup technician to assign a username and password, and so on.
- backups and restores were described above as occurring on the same client device 22 by way of example only. In some arrangements, backups and restores are performed on different client devices 22 .
- a first client device 22 is capable of providing copies 44 of client data 42 to the backup server 32 . Then, the user is able to obtain a logon token 52 by requesting the logon token 52 using that first client device 22 .
- the user is capable of logging on to the website 34 by manually activating web browser circuitry 70 on a second client device 22 (e.g., launching a web browser) and entering the value of the logon token 52 (e.g., a string of characters) into the second client device 22 to authenticate the second client device 22 with the backup system website 34 .
- the logon token 52 e.g., a string of characters
- the web server 30 and the backup server 32 are located in separate devices in some arrangements. Such a situation may occur to separate the resource demands by the servers 30 , 32 .
- the web server 30 may then be provisioned with enhanced web serving capabilities (e.g., with low storage but high processing power).
- the backup server 32 may be provisioned with enhanced storage capabilities (e.g., as an array of disks for RAID, with multiple network adapters for load balancing and fault tolerance, etc.).
- the web server 30 and the backup server 32 are co-located on the same device.
- the communications between the web server 30 and the backup server 32 may be exclusively internal to the device.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- Theoretical Computer Science (AREA)
- Quality & Reliability (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
Abstract
Description
- A conventional computerized environment may include computers which periodically backup their information to a backup site. In such an environment, each computer is typically equipped with a backup service which sends information to be backed up to the backup site at periodic intervals (e.g., daily, hourly, etc.).
- To equip the computers with the backup services, a backup technician (i.e., a designated IT person) typically installs backup service software on each computer. One conventional backup service software package includes a random number generator routine to provision each computer, during installation/setup time, with a random number which uniquely identifies that computer to the backup site.
- After a computer has backed up information to the backup site, if an operator of the computer wishes to restore certain information from the backup site to that computer, the operator requests a username and password from the backup technician. The backup technician then assigns a username and a password to the operator. Using the username and the password assigned to the operator by the backup technician, the operator then logs into the backup site from that computer and directs the backup site to restore that information back on to that computer.
- Unfortunately, there are deficiencies to the above-described conventional computerized environment in which operators, who wish to restore information from the backup site, (i) request usernames and passwords from a backup technician and (ii) use usernames and passwords assigned by the backup technician. For example, even a medium-sized company may have hundreds of computers which are backed up by the backup site thus imposing a significant username and password assignment burden on the backup technician. Additionally, there is often a time urgency associated with information restoration (e.g., an operator's work may come to a stand still until the operator is able to restore lost information), thus making the task of assigning usernames and passwords a relatively high priority.
- In contrast to the above-described conventional computerized environment in which operators must request usernames and passwords from a backup technician when restoring information, improved techniques involve acquiring a logon token from a backup server through a pre-established secure data pathway between a client device and the backup server. The logon token can then be used to logon a user to a website having certain control of the backup server (e.g., to restore data from the backup server). Such improved techniques are less burdensome, i.e., they alleviate the need for intervention by a backup technician to assign usernames and passwords. Additionally, such techniques offer minimal latency in obtaining access to the backup server through the website, e.g., time is not wasted searching for a backup technician, explaining the need for a username and password in order to restore information, and waiting for the backup technician to assign a username and password.
- One embodiment is directed to a method of accessing a backup system. The method, which is performed in a client device, includes receiving a logon command to logon a user to a website of the backup system. The backup system includes (i) a backup server and (ii) a web server which hosts the website to enable the user to control settings of the backup server. The method further includes, sending, in response to receiving the logon command, a token request to the backup server through a pre-established secure data pathway between the client device and the backup server. Data is periodically backed up from the client device to the backup server through the pre-established secure data pathway in a secure manner. The method further includes acquiring, in response to sending the token request, a logon token from the backup server through the pre-established secure data pathway. The website hosted by the web server is constructed and arranged to communicate with the backup server to determine whether the logon token is authentic when the website receives the logon token during a logon operation.
- Other embodiments are directed to a client device, a backup system, a backup server, a web server, a computer program product, and other components of a backup environment. Additionally, other embodiments are directed to processes which are performed by the above-mentioned components of the backup environment.
- The foregoing and other objects, features and advantages will be apparent from the following description of particular embodiments of the invention, as illustrated in the accompanying drawings in which like reference characters refer to the same parts throughout the different views. The drawings are not necessarily to scale, emphasis instead being placed upon illustrating the principles of various embodiments of the invention.
-
FIG. 1 is a block diagram of an electronic environment which includes a client device and a backup facility. -
FIG. 2 is a block diagram of the client device ofFIG. 1 . -
FIG. 3 is a block diagram of the backup facility ofFIG. 1 . -
FIG. 4 is a sequence diagram showing various communications which occur between certain components of the backup facility when a user accesses the backup facility. -
FIG. 5 is a flowchart of a procedure which is performed by a client device of the electronic environment ofFIG. 1 . - An improved technique involves acquiring a logon token from a backup server through a pre-established secure data pathway between a client device and the backup server. The logon token can then be used to logon a user to a website having certain control of the backup server (e.g., to restore a lost file from the backup server). Such an improved technique is less burdensome, i.e., the improved technique alleviates the need for intervention by a backup technician to assign a username and a password. Furthermore, such a technique provides minimal latency when obtaining access to the backup server through the website, e.g., time is not wasted searching for a backup technician, explaining the need for a username and password in order to restore information, waiting for the backup technician to assign a username and password, and so on.
-
FIG. 1 shows anelectronic environment 20 which enables one or more users to automatically access a backup facility in a secure manner in order to perform certain backup system operations. In particular, with such access, a user is able to perform various backup-related tasks (e.g., restore a file, set or modify certain backup settings, etc.) without participation of a backup technician. - As shown in
FIG. 1 , theelectronic environment 20 includes multiple client devices 22(1), 22(2), . . . (collectively, client devices 22), abackup facility 24, and acommunications medium 26. The backup facility 24 (or remote backup system) includes aweb server 30 and abackup server 32. Theweb server 30 hosts abackup system website 34 which is capable of controlling (or changing) certain operational settings of thebackup server 32. - The
communications medium 26 connects to theclient devices 22, theweb server 30 and thebackup server 32 to enable these components of theenvironment 20 to exchangeelectronic communications 36 among each other (e.g., illustrated by the two-sided arrow 36 inFIG. 1 ). Along these lines, thecommunications medium 26 is illustrated as a cloud because it is capable of having a variety of topologies including hub-and-spoke, backbone, loop, irregular, a combination of the Internet and LAN(s), combinations thereof, and so on. - During operation, a human backup coordinator (or administrator) configures each
client device 22 to perform routine backups with thebackup facility 24. In particular, the backup coordinator installs and starts backup software on eachclient device 22. - Once the backup software is installed and running on a
client device 22, the backup software provides a user of theclient device 22 with an assortment ofbackup services 40 including, among other things, a routine backup service to routinelybackup client data 42 from theclient device 22, and a restoration service to restore theclient data 42 to theclient device 22. For example, as a user creates and modifies client data 42(1) on the client device 22(1), theclient device 22 periodically sends copies 44(1) of the created or modified client data 42(1) to thebackup facility 24 to be backed up. Similarly, as a user creates and modifies client data 42(2) on the client device 22(2), theclient device 22 periodically sends copies 44(2) of the created or modified client data 42(2) to thebackup facility 24 to be backed up, and so on. As a result, thebackup facility 24 safely maintains thecopies 44 of theclient data 42 for possible restoration, while users access theoriginal client data 42 locally on theirrespective client devices 22. - It should be understood that the
client devices 22 can initiate communications with thebackup facility 24 through thecommunications medium 26 without any custom setup by the users of theclient devices 22 or by the backup coordinator. Rather, eachclient device 22 is equipped with the ability to uniquely identify itself to the backup facility 24 (e.g., via random number generation, via network address, combinations thereof, etc.) thus enabling thebackup facility 24 to distinguish theclient devices 22 from each other without substantially burdening the users of theclient devices 22 or the backup coordinator. Such operation enables thebackup server 32 to uniquely identify eachclient device 22 when savingcopies 44 of theclient data 42. - It should be further understood that some of the
electronic communications 36 between theclient devices 22 and thebackup server 32 occur through pre-establishedsecure data pathways 50. In some arrangements, prior to starting backups on aclient device 22, the backup coordinator provisions that client device 22 (as well as the backup server 32) with standard cryptographic protocols (e.g., keys, certificates, etc.) to create asecure data pathway 50 between thatclient device 22 and thebackup server 32 for secure bidirectional communications through thecommunications medium 26. Accordingly, theclient device 22 is then able to periodically transmitcopies 44 of the client data 42 (new files/blocks, modified files/blocks, etc.) in a manner which prevents eavesdropping and/or tampering. In some arrangements, thesecure data pathways 50 are standard encrypted Secure Sockets Layer (SSL) and/or Transport Layer Security (TLS) connections. Such secure data pathway provisioning can occur as part of the backup software installation process, or separately from the backup software installation process. - Once the
secure data pathways 50 are in place (and re-creatable if destroyed), theclient devices 22transfer copies 44 of theclient data 42 through thesecure data pathways 50 in accordance with backup schedules (e.g., once a day, once an hour, every 15 minutes, customized times, etc.). After thebackup facility 24 receives thecopies 44 of theclient data 42, thebackup facility 24 is capable of performing restoration operations without burdening a backup coordinator, administrator or technician. - In particular, the
backup facility 24 allows users to access the backed upcopies 44 of theclient data 42 via thebackup system website 34 usinglogon tokens 52 obtained from thebackup server 32 in lieu of usernames and passwords assigned by a backup technician. Along these lines, when thebackup services 40 of aclient device 22 receives a command from a user to connect to thebackup system website 34, the website obtains alogon token 52 from thebackup server 32 on behalf of the user. Thebackup services 40 then activates web browser circuitry and passes the web browser circuitry (i) a URL (Uniform Resource Locator) for thebackup system website 34, (ii) an identifier of the client device 22 (e.g., a random string of symbols/characters/numbers which uniquely identifies theclient device 22 among other client devices 22), and (ii) thelogon token 52. In some arrangements, the identifier of theclient device 22 is a random string, 30-40 characters long. - When the
website 34 receives the identifier of theclient device 22 and thelogon token 52, thewebsite 34 communicates with thebackup server 32 to authenticate thelogon token 52 and thus authenticate the user. If authentication is successful, thewebsite 34 properly logs on the user. However, if authentication is unsuccessful, thewebsite 34 does not logon the user. As a result, users are able to securely retrieve the backed upcopies 44 of theclient data 42 without intervention by the backup technician. In some arrangements, thelogon token 52 are onetime use tokens. That is, such tokens can be used only once to logon thus preventing the possibility of replay attacks. Furthermore, such tokens become invalid if not used within a certain predefined expiration window of time. In some arrangements, eachlogon token 52 is a string of symbols (e.g., six characters/numbers for easy viewing and copying via a keyboard, a string of many characters/number to make viewing and copying more difficult, and so on). - Additionally, in some arrangements, the
website 34 returns a web-based logon cookie that enables theclient device 22 to access the website in a subsequent logon session without anylogon token 52 and/or any username/password. Further details will now be provided with reference toFIG. 2 . -
FIG. 2 shows particular details of acomputerized client device 60 which is suitable for use as any of theclient devices 22 inFIG. 1 . Thecomputerized client device 60 includes a user interface 62, anetwork interface 64, processingcircuitry 66, and localnon-volatile storage 68. The user interface 62 (e.g., a keyboard, mouse and display) is constructed and arranged to receive input from a user, and provide output to the user. The network interface 64 (e.g., a network adapter, a network card, etc.) is constructed and arranged to connect to thecommunications medium 26 and thus enable thecomputerized client device 60 to exchangeelectronic communications 36 with other devices through the communications medium 26 (also seeFIG. 1 ). The processing circuitry 66 (e.g., a set of processors and memory) is constructed and arranged to perform a variety of computerized operations or tasks. The local non-volatile storage 68 (e.g., magnetic disk drives, flash drives, etc.) is constructed and arranged to store data (e.g., files, blocks, records, etc.) in a persistent manner. - As further shown in
FIG. 2 , theprocessing circuitry 66 includesweb browser circuitry 70, other high level circuitry 72 (e.g., word processor circuitry, spreadsheet circuitry, email circuitry, etc.) for creating and/or modifyingclient data 42, backup services circuitry (or backup agent) 74, andoperating system circuitry 76. Such circuitry can be implemented as a set of processors running in accordance with one or more software constructs (e.g., application suites, programs, toolkits, scripts, drivers, etc.), as specialized hardware circuits (e.g., application specific integrated circuits, field programmable gate arrays, discrete components, etc.), as firmware, combinations thereof, and so on. - Additionally, in the context of a processor running in accordance with particular software constructs, a
computer program product 78 is capable of delivering each software construct to thecomputerized client device 60. Thecomputer program product 78 has a non-transitory (or non-volatile) computer readable storage medium which stores a set of instructions which controls operation of theprocessing circuitry 66. Examples of suitable computer readable storage media include tangible articles of manufacture and apparatus which store instructions in a non-volatile manner such as CD-ROM, flash memory, disk memory, tape memory, and the like. - During operation of the
computerized client device 60, theoperating system circuitry 76 effectively and efficiently allocates computerized resources (processor cycles, memory space, etc.) within thecomputerized client device 60. Thebackup services circuitry 74, which receives processing time and memory from theoperating system circuitry 76, provides a variety of backup and restoration services to the user. Along these lines, thebackup services circuitry 74 routinely providescopies 44 of newly created and/or modifiedclient data 42 to thebackup facility 24 through a pre-establishedsecure data pathway 50 between thecomputerized client device 22 and thebackup server 32 of thebackup facility 24 formed through the communications medium 26 (also seeFIG. 1 ). - Additionally, as will be explained in further detail shortly, the
backup services circuitry 74 is able to obtain a logon token 52 from thebackup server 32 of thebackup facility 24 on behalf of the user. The user is then able to provide thelogon token 52 to thewebsite 34 hosted by theweb server 30 for authentication purposes. In this manner, the user is able to properly logon to thewebsite 34 and gain control over certain functions of thebackup server 32, e.g., change backup settings, restore data, etc. (also seeFIG. 1 ). Such activity is capable of occurring without involvement from a backup technician. Further details will now be provided with reference toFIG. 3 . -
FIG. 3 shows particular details of thebackup facility 24 of the electronic environment 20 (also seeFIG. 1 ). As shown inFIG. 3 , theweb server 30 includes anetwork interface 80 andcontrol circuitry 82. The network interface 80 (e.g., a network adapter, a network card, etc.) is constructed and arranged to connect to thecommunications medium 26 and thus enable theweb server 30 to exchange communications with other devices through thecommunications medium 26. The control circuitry 82 (e.g., a set of processors and memory to run specialized software) is constructed and arranged to host thewebsite 34. - The
backup server 32 includes anetwork interface 90,control circuitry 92, andnon-volatile storage 94. The network interface 90 (e.g., a network adapter, a network card, etc.) is constructed and arranged to connect to thecommunications medium 26 and thus enable thebackup server 32 to exchange communications with other devices through the communications medium 26 (also seeFIG. 1 ). The control circuitry 92 (e.g., a set of processors and memory to run specialized software) is constructed and arranged to perform a variety of backup/restore operations or tasks. In particular, thecontrol circuitry 92 is responsible for backing up thecopies 44 of theclient data 42 from theclient devices 22 to the non-volatile storage 94 (e.g., magnetic disk drives, flash drives, etc.) based on particular control settings 96 (e.g., a backup schedule, parameters identifying source locations to back up, and so on). Additionally, thecontrol circuitry 94 is responsible for restoring thecopies 44 of theclient data 42 from thenon-volatile storage 94 to theclient devices 22 in response to input from thewebsite 34 of theweb server 30. - As further shown in
FIG. 3 , thecontrol circuitry 92 of thebackup server 32 includes anauthentication module 98 which is capable of controlling user access. In particular, theauthentication module 98 is constructed and arranged to providelogon tokens 52 and subsequently authenticate users attempting to logon to thebackup system website 34 based on the providedlogon tokens 52. Further details about authentication of users of thewebsite 34 will be provided shortly. - As illustrated by the
double arrow 100, thebackup server 32 conductssecure communications 102 with theclient devices 22 through pre-established secure data pathways 50 (e.g., SSL connections). Recall, that suchsecure data pathways 50 are set up prior to backing up thecopies 44 of theclient data 42 from theclient devices 22. With the pre-establishedsecure data pathways 50 in place, backups are then performed in a secure manner thus preventing eavesdropping and tampering of the data. - In some arrangements, the respective pre-established
secure data pathway 50 between theclient device 22 and thebackup server 32 is created (or re-created) prior to each backup operation performed by theclient device 22, and then destroyed at completion of each backup operation. Such arrangements advantageously minimize ongoing consumption of certain computerized resources (e.g., memory resources of the client device 22). - In other arrangements, the respective pre-established
secure data pathway 50 between theclient device 22 and thebackup server 32 stays intact continuously over multiple backup operations between theclient device 22 and thebackup server 32. Such arrangements advantageously minimize network traffic associated with creating (and destroying) thepathway 50. - It should be understood that, while the pre-established
secure data pathways 50 are in place, the backup services circuitry 74 (FIG. 2 ) of theclient devices 22 are able to logon users of theclient devices 22 to thebackup system website 34 in response to user commands in an automated manner, i.e., without participation by a backup coordinator. For example, suppose that a user of aclient device 22 wishes to obtain access to thebackup facility 24 to restore a file. The user enters a logon command into a user input/output (I/O) component of thebackup services circuitry 74, and a lower-level component of thebackup services circuitry 74 responds to the logon command by requesting and receiving alogon token 52 through asecure data pathway 50 to thebackup server 32. Such operation enables secure delivery of the logon token 52 from thebackup server 32 to theclient device 22 for use in logging on to thebackup system website 34. - Once the lower-level component of the
backup services circuitry 74 of aclient device 22 receives the logon token 52 from thebackup server 32, the user I/O component of thebackup services circuitry 74 activates theweb browser circuitry 70 of theclient device 22 to initiate web-basedcommunications 110 between theweb browser circuitry 70 and thewebsite 34 of the web server 30 (also see thedouble arrow 112 inFIG. 3 ). In particular, the user I/O component of thebackup services circuitry 74 provides theURL 114 of thewebsite 34, anidentifier 116 of theclient device 22 and thelogon token 52 to theweb browser circuitry 70. In the context of a processor running backup services software, activating theweb browser circuitry 70 involves launching a web browser application. In the context of specialized hardware, activating theweb browser circuitry 70 involves providing an enable signal to a web browser circuit to enable normal operation of the web browser circuit. - The
web browser circuitry 70 then delivers theidentifier 116 to thewebsite 34 to uniquely identify theclient device 22 to thewebsite 34, and thelogon token 52 to authenticate to thewebsite 34. Upon receipt of theidentifier 116 and the logon token 52 from theweb browser circuitry 70 of theclient device 22, thewebsite 34 communicates with thebackup server 32 to authenticate the user (see thedouble arrow 120 inFIG. 3 ). In particular, if thebackup server 32 determines that the logon token 52 matches thelogon token 52 that it provided earlier to thebackup services circuitry 74 of theparticular client device 22, thebackup server 32 informs thewebsite 34 that the user has successfully authenticated, and thewebsite 34 properly logs on the user. Once the user has properly logged on, the user is able to perform various operations such as restore acopy 44 ofclient data 42 from thebackup server 32 to theclient device 22, change the backup schedule, change what data is backed up, and so on. In some arrangements, thewebsite 34 immediately prompts the user to formally set up a username and a password for subsequent authentication sessions before allowing the user to perform other activities. In other arrangements, thewebsite 34 provides a web-based logon cookie to theclient device 22 to enable authentication without further need for alogon token 52 and/or a username/password. Other arrangements and combinations of arrangements are suitable for use as well. - However, if the
backup server 32 determines that thelogon token 52 does not match thelogon token 52 that it provided earlier to thebackup services circuitry 74 of theparticular client device 22, thebackup server 32 informs thewebsite 34 that authentication has failed, and thewebsite 34 then takes remedial action. For example, thewebsite 34 can deny further website access to the user, send a message to the backup coordinator warning of the failed authentication, and so on. Further details of the communications within theelectronic system 20 will now be provided with reference toFIG. 4 . -
FIG. 4 is a sequence diagram showing particular participating portions of theelectronic environment 20. Thebackup service circuitry 74 is illustrated as having a user I/O component 150 and a lower-level component 152 since, in some arrangements, thebackup service circuitry 74 is implemented in modular form. That is, in some modularized arrangements, thebackup service circuitry 74 includes a user I/O module, an underlying communications (or portal) module, a data restoration module, a diagnostic module, and so on. In the context of a processor which runs a set of applications, certain modules may at times be active or inactive. For example, a user I/O module may be inactive on not invoked to saveclient device 22 resources. However, other modules such as an underlying communications module may stay active continuously to perform background tasks and perhaps to minimize latency when it is quickly called upon for service by another module (e.g., by the user I/O module). Moreover, in some arrangements, the various modules are constructed and arranged to make SOAP (Simple Object Access Protocol) calls when requesting certain services. - As shown in
FIG. 4 , the user I/O component 150 is constructed and arranged to receive user commands and output information to the user. Additionally, the lower-level component 152 is constructed and arranged to communicate with (i) the user I/O component 150 (e.g., local inter-process communications) and (ii) thebackup server 32 through a pre-established secure data pathway 50 (e.g., an SSL connection through which to securely send client data, also seeFIG. 3 ). - Further details will now be provided regarding how the
electronic environment 20 provides aparticular client device 22 with access to thebackup facility 24. Along these lines, when the user wishes to logon to thebackup system website 34 from theparticular client device 22, the user activates the user I/O component 150 and enters alogon command 160 into the user I/O component 150. In some arrangements, the user I/O component 150 provides a lightweight graphical user interface (GUI) on a display (also see the user interface 62 inFIG. 2 ), and the user selects a menu option such as “Connect to Backup Server” or “Go To Website”. - In response, the user I/O component 150 of the
backup services circuitry 74 receives thelogon command 160 from the user and passes thelogon command 160 to the lower-level component 152 of thebackup services circuitry 74. Thebackup services circuitry 74 then sends a logontoken request 162 for alogon token 52 to thebackup server 32 through a pre-establishedsecure data pathway 50 between theclient device 22 and the backup server 32 (also seeFIG. 3 ). Therequest 162 may include anidentifier 116 to conveniently identify theparticular client device 22 amongother client devices 22 to thebackup server 32. The pre-establishedsecure data pathway 50 may be the same secure connection (e.g., use the same certificates, other access controls, etc.) that thebackup services circuitry 74 utilizes when sendingcopies 44 ofclient data 42 to thebackup server 32 for backing up. - In response to the
request 162 for alogon token 52, thebackup server 32 provides aresponse 164 which includes alogon token 52. Thebackup server 32 is able to maintain a record associating thelogon token 52 with theparticular client device 22 for authentication purposes. As a result, thebackup server 32 is able to assign and managelogon tokens 52 formultiple client devices 22 simultaneously. - Upon receipt of the
response 164 containing thelogon token 52, the lower-level component 152 of thebackup services circuitry 74 passes thelogon token 52 up to the user I/O component 150. When the user I/O component 150 receives thelogon token 52, the user I/O component 150 providesdata 166 which includes thelogon token 52 to theweb browser circuitry 70. The user I/O component 150 then providesactivation 166 to the web browser circuitry 70 (e.g., launches a web browser application) and provides the runningweb browser circuitry 70 with aURL 114 of thewebsite 34, theidentifier 116 which identifies theparticular client device 22, and thelogon token 52. - The
web browser circuitry 70 then sends a web-based request 168 (e.g., an HTTP GET request) to thewebsite 34 hosted by theweb server 30 of thebackup facility 24. The web-basedrequest 168 includes thelogon token 52 and theidentifier 116. - When the
website 34 receives the web-basedrequest 168 from theweb browser circuitry 70 of theclient device 22, thewebsite 34 sends anauthentication request 170 to thebackup server 32 of thebackup facility 24. Theauthentication request 170 includes thelogon token 52 and theidentifier 116. In some arrangements, a secure data pathway continuously exists between theweb server 30 and thebackup server 32 through which the servers exchange secure communications. - Next, the
backup server 32 responds to theauthentication request 170 by comparing the receivedlogon token 52 to the assignedlogon token 52 that it provided earlier to theparticular client device 22 through the pre-establishedsecure data pathway 50. Thebackup server 32 then provides anauthentication response 172 to thewebsite 34 indicating whether authentication is successful. In particular, if there is a match, thebackup server 32 indicates that authentication is successful in theauthentication response 172. However, if there is not a match, thebackup server 32 indicates that authentication has failed in theauthentication response 172. - Upon receipt of the
authentication response 172 from thebackup server 32, thewebsite 34 provides a web-basedresponse 174 to theweb browser circuitry 70 of theparticular client device 22. In particular, if authentication is successful, the web-basedresponse 174 includes a web page indicating that the user is successfully logged in and allowing the user to control various operational settings of thebackup server 32. In some arrangements, the web-basedresponse 174 prompts the user to create a personal username and password for subsequent logon sessions before allowing the user further access to thebackup server 32. - If authentication is unsuccessful, the web-based
response 174 is different. For example, the web-basedresponse 174 may deny access to thebackup server 32. Alternatively, the web-basedresponse 174 may send an alarm to the backup coordinator. Other types of remedial replies are suitable for use as well. Further details will now be provided with reference toFIG. 5 . -
FIG. 5 is a flowchart of aprocedure 200 which is performed by aclient device 22 during operation of the electronic environment 20 (also seeFIGS. 1-4 ). Theprocedure 200 is performed to logon a user to thebackup system website 34 of thebackup facility 24 without burdening a backup coordinator. - In
step 202, theclient device 22 receives alogon command 160 to logon a user to thewebsite 34 hosted by theweb server 30 of the backup facility 24 (FIG. 1 ). For example, the user may wish to control certain settings of thebackup server 32 such as change a backup source location or backup frequency, or to restoreclient data 42 to theclient device 22. - In
step 204, theclient device 22 sends, in response to receiving thelogon command 160, a logon token request 162 (FIG. 4 ) to thebackup server 32 through a pre-establishedsecure data pathway 50 between theclient device 22 and thebackup server 32. Recall that copies 44 ofclient data 42 are periodically (e.g., daily, hourly, etc.) backed up from theclient device 22 to thebackup server 32 through the pre-establishedsecure data pathway 50 in a secure manner. - In
step 206, theclient device 22 acquires, in response to sending the logontoken request 162, a logon token 52 from thebackup server 32 through the pre-establishedsecure data pathway 50. With thelogon token 52, theclient device 22 is able to logon the user to thebackup system website 34. - In
step 208, theclient device 22 provides thelogon token 52 to thebackup system website 34 during a logon operation. In particular, theclient device 22 sends a web-basedrequest 168 to the backup system website 34 (FIG. 4 ). Recall that theclient device 22 transmits thelogon token 52 through a pathway which is different than the pre-establishedsecure data pathway 50. Thewebsite 34 then communicates with thebackup server 32 to determine whether thelogon token 52 is authentic. - In
step 210, once authentication at thewebsite 34 has successfully completed, theclient device 22 provides the user with access to thebackup server 32 through thewebsite 34. Accordingly, the user is able to perform various backup system operations without bothering a backup coordinator. For example, the user is able to restore a particular file from thebackup server 32 to theclient device 22 without intervention by the backup coordinator. Along these lines, the user providing a restore command to thewebsite 34, and the restore command directs thewebsite 34 to carry out a restore operation on thebackup server 32 through the communications medium 26 (FIG. 1 ) to restore the particular file from thebackup server 32 to theclient device 22. Other operations are available as well such as changing a backup parameter, creating a username and password, and so on. - As described above, improved techniques involve acquiring a logon token 52 from a
backup server 32 through a pre-establishedsecure data pathway 50 between aclient device 22 and thebackup server 32. Thelogon token 52 can then be used to logon a user to awebsite 34 having certain control of the backup server 32 (e.g., to restore data from the backup server). Such improved techniques are less burdensome, i.e., they alleviate the need for intervention by a backup technician to assign usernames and passwords. Additionally, such techniques offer minimal latency in obtaining access to thebackup server 32 through thewebsite 34, e.g., time is not wasted searching for a backup technician, explaining the need for a username and password in order to restore information, waiting for the backup technician to assign a username and password, and so on. - While various embodiments of the invention have been particularly shown and described, it will be understood by those skilled in the art that various changes in form and details may be made therein without departing from the spirit and scope of the invention as defined by the appended claims.
- For example, it should be understood that backups and restores were described above as occurring on the
same client device 22 by way of example only. In some arrangements, backups and restores are performed ondifferent client devices 22. In particular, afirst client device 22 is capable of providingcopies 44 ofclient data 42 to thebackup server 32. Then, the user is able to obtain alogon token 52 by requesting thelogon token 52 using thatfirst client device 22. Once the user has obtained thelogon token 52, the user is capable of logging on to thewebsite 34 by manually activatingweb browser circuitry 70 on a second client device 22 (e.g., launching a web browser) and entering the value of the logon token 52 (e.g., a string of characters) into thesecond client device 22 to authenticate thesecond client device 22 with thebackup system website 34. Such a situation may occur if the user needs to migrate data backed up from thefirst client device 22 to thesecond client device 22. - Additionally, it should be understood that the
web server 30 and thebackup server 32 are located in separate devices in some arrangements. Such a situation may occur to separate the resource demands by theservers web server 30 may then be provisioned with enhanced web serving capabilities (e.g., with low storage but high processing power). Similarly, thebackup server 32 may be provisioned with enhanced storage capabilities (e.g., as an array of disks for RAID, with multiple network adapters for load balancing and fault tolerance, etc.). - However, in other arrangements, the
web server 30 and thebackup server 32 are co-located on the same device. In these arrangements, the communications between theweb server 30 and the backup server 32 (see thedouble arrow 120 inFIG. 3 ) may be exclusively internal to the device.
Claims (20)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US13/109,064 US8590025B2 (en) | 2011-05-17 | 2011-05-17 | Techniques for accessing a backup system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US13/109,064 US8590025B2 (en) | 2011-05-17 | 2011-05-17 | Techniques for accessing a backup system |
Publications (2)
Publication Number | Publication Date |
---|---|
US20120297468A1 true US20120297468A1 (en) | 2012-11-22 |
US8590025B2 US8590025B2 (en) | 2013-11-19 |
Family
ID=47176001
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US13/109,064 Active 2031-12-01 US8590025B2 (en) | 2011-05-17 | 2011-05-17 | Techniques for accessing a backup system |
Country Status (1)
Country | Link |
---|---|
US (1) | US8590025B2 (en) |
Cited By (16)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103024729A (en) * | 2012-12-03 | 2013-04-03 | 东莞宇龙通信科技有限公司 | Data backup method, device and system |
US20140026203A1 (en) * | 2012-07-17 | 2014-01-23 | Microsoft Corporation | Authenticating a user for testing purposes |
US20150358308A1 (en) * | 2012-04-27 | 2015-12-10 | Intralinks, Inc. | Computerized method and system for managing an email input facility in a networked secure collaborative exchange environment |
US9397998B2 (en) | 2012-04-27 | 2016-07-19 | Intralinks, Inc. | Computerized method and system for managing secure content sharing in a networked secure collaborative exchange environment with customer managed keys |
US9514327B2 (en) | 2013-11-14 | 2016-12-06 | Intralinks, Inc. | Litigation support in cloud-hosted file sharing and collaboration |
US9547770B2 (en) | 2012-03-14 | 2017-01-17 | Intralinks, Inc. | System and method for managing collaboration in a networked secure exchange environment |
US9553860B2 (en) | 2012-04-27 | 2017-01-24 | Intralinks, Inc. | Email effectivity facility in a networked secure collaborative exchange environment |
US9613190B2 (en) | 2014-04-23 | 2017-04-04 | Intralinks, Inc. | Systems and methods of secure data exchange |
US10033702B2 (en) | 2015-08-05 | 2018-07-24 | Intralinks, Inc. | Systems and methods of secure data exchange |
US10448197B2 (en) * | 2016-10-18 | 2019-10-15 | International Business Machines Corporation | Mobile device path and user association |
CN111628965A (en) * | 2020-04-03 | 2020-09-04 | 北京奇艺世纪科技有限公司 | Cross-domain name login method and device |
US11237921B2 (en) * | 2019-11-22 | 2022-02-01 | EMC IP Holding Company LLC | Protecting storage backup configuration |
US11288151B2 (en) * | 2019-08-13 | 2022-03-29 | Acronis International Gmbh | System and method of determining boot status of recovery servers |
US20220150241A1 (en) * | 2020-11-11 | 2022-05-12 | Hewlett Packard Enterprise Development Lp | Permissions for backup-related operations |
CN114860508A (en) * | 2022-05-25 | 2022-08-05 | 中国科学技术大学 | Backup system and method for industrial equipment firmware |
US20230155997A1 (en) * | 2021-11-15 | 2023-05-18 | Dell Products L.P. | System and method for authenticating devices in distributed environment |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10608882B2 (en) | 2017-02-16 | 2020-03-31 | International Business Machines Corporation | Token-based lightweight approach to manage the active-passive system topology in a distributed computing environment |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20010045451A1 (en) * | 2000-02-28 | 2001-11-29 | Tan Warren Yung-Hang | Method and system for token-based authentication |
US6778668B1 (en) * | 1996-06-10 | 2004-08-17 | Sun Microsystems, Inc. | Method and system for escrowed backup of hotelled world wide web sites |
US20070136200A1 (en) * | 2005-12-09 | 2007-06-14 | Microsoft Corporation | Backup broker for private, integral and affordable distributed storage |
US20080294462A1 (en) * | 2007-05-23 | 2008-11-27 | Laura Nuhaan | System, Method, And Apparatus Of Facilitating Web-Based Interactions Between An Elderly And Caregivers |
US20100082552A1 (en) * | 2008-09-30 | 2010-04-01 | Louis Beatty | Backing up and restoring security information for selected database objects |
US20100107227A1 (en) * | 2008-10-17 | 2010-04-29 | Intuit Inc. | Segregating anonymous access to dynamic content on a web server, with cached logons |
-
2011
- 2011-05-17 US US13/109,064 patent/US8590025B2/en active Active
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6778668B1 (en) * | 1996-06-10 | 2004-08-17 | Sun Microsystems, Inc. | Method and system for escrowed backup of hotelled world wide web sites |
US20010045451A1 (en) * | 2000-02-28 | 2001-11-29 | Tan Warren Yung-Hang | Method and system for token-based authentication |
US20070136200A1 (en) * | 2005-12-09 | 2007-06-14 | Microsoft Corporation | Backup broker for private, integral and affordable distributed storage |
US20080294462A1 (en) * | 2007-05-23 | 2008-11-27 | Laura Nuhaan | System, Method, And Apparatus Of Facilitating Web-Based Interactions Between An Elderly And Caregivers |
US20100082552A1 (en) * | 2008-09-30 | 2010-04-01 | Louis Beatty | Backing up and restoring security information for selected database objects |
US20100107227A1 (en) * | 2008-10-17 | 2010-04-29 | Intuit Inc. | Segregating anonymous access to dynamic content on a web server, with cached logons |
Cited By (28)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9547770B2 (en) | 2012-03-14 | 2017-01-17 | Intralinks, Inc. | System and method for managing collaboration in a networked secure exchange environment |
US10356095B2 (en) | 2012-04-27 | 2019-07-16 | Intralinks, Inc. | Email effectivity facilty in a networked secure collaborative exchange environment |
US9596227B2 (en) | 2012-04-27 | 2017-03-14 | Intralinks, Inc. | Computerized method and system for managing an email input facility in a networked secure collaborative exchange environment |
US20150358308A1 (en) * | 2012-04-27 | 2015-12-10 | Intralinks, Inc. | Computerized method and system for managing an email input facility in a networked secure collaborative exchange environment |
US20150381599A1 (en) * | 2012-04-27 | 2015-12-31 | Intralinks, Inc. | Computerized method and system for managing a community facility in a networked secure collaborative exchange environment |
US9807078B2 (en) | 2012-04-27 | 2017-10-31 | Synchronoss Technologies, Inc. | Computerized method and system for managing a community facility in a networked secure collaborative exchange environment |
US9369454B2 (en) * | 2012-04-27 | 2016-06-14 | Intralinks, Inc. | Computerized method and system for managing a community facility in a networked secure collaborative exchange environment |
US9654450B2 (en) | 2012-04-27 | 2017-05-16 | Synchronoss Technologies, Inc. | Computerized method and system for managing secure content sharing in a networked secure collaborative exchange environment with customer managed keys |
US9397998B2 (en) | 2012-04-27 | 2016-07-19 | Intralinks, Inc. | Computerized method and system for managing secure content sharing in a networked secure collaborative exchange environment with customer managed keys |
US9369455B2 (en) * | 2012-04-27 | 2016-06-14 | Intralinks, Inc. | Computerized method and system for managing an email input facility in a networked secure collaborative exchange environment |
US9553860B2 (en) | 2012-04-27 | 2017-01-24 | Intralinks, Inc. | Email effectivity facility in a networked secure collaborative exchange environment |
US10142316B2 (en) | 2012-04-27 | 2018-11-27 | Intralinks, Inc. | Computerized method and system for managing an email input facility in a networked secure collaborative exchange environment |
US8904510B2 (en) * | 2012-07-17 | 2014-12-02 | Microsoft Corporation | Authenticating a user for testing purposes |
US20140026203A1 (en) * | 2012-07-17 | 2014-01-23 | Microsoft Corporation | Authenticating a user for testing purposes |
CN103024729A (en) * | 2012-12-03 | 2013-04-03 | 东莞宇龙通信科技有限公司 | Data backup method, device and system |
US9514327B2 (en) | 2013-11-14 | 2016-12-06 | Intralinks, Inc. | Litigation support in cloud-hosted file sharing and collaboration |
US10346937B2 (en) | 2013-11-14 | 2019-07-09 | Intralinks, Inc. | Litigation support in cloud-hosted file sharing and collaboration |
US9762553B2 (en) | 2014-04-23 | 2017-09-12 | Intralinks, Inc. | Systems and methods of secure data exchange |
US9613190B2 (en) | 2014-04-23 | 2017-04-04 | Intralinks, Inc. | Systems and methods of secure data exchange |
US10033702B2 (en) | 2015-08-05 | 2018-07-24 | Intralinks, Inc. | Systems and methods of secure data exchange |
US10448197B2 (en) * | 2016-10-18 | 2019-10-15 | International Business Machines Corporation | Mobile device path and user association |
US11070937B2 (en) | 2016-10-18 | 2021-07-20 | International Business Machines Corporation | Mobile device path and user association |
US11288151B2 (en) * | 2019-08-13 | 2022-03-29 | Acronis International Gmbh | System and method of determining boot status of recovery servers |
US11237921B2 (en) * | 2019-11-22 | 2022-02-01 | EMC IP Holding Company LLC | Protecting storage backup configuration |
CN111628965A (en) * | 2020-04-03 | 2020-09-04 | 北京奇艺世纪科技有限公司 | Cross-domain name login method and device |
US20220150241A1 (en) * | 2020-11-11 | 2022-05-12 | Hewlett Packard Enterprise Development Lp | Permissions for backup-related operations |
US20230155997A1 (en) * | 2021-11-15 | 2023-05-18 | Dell Products L.P. | System and method for authenticating devices in distributed environment |
CN114860508A (en) * | 2022-05-25 | 2022-08-05 | 中国科学技术大学 | Backup system and method for industrial equipment firmware |
Also Published As
Publication number | Publication date |
---|---|
US8590025B2 (en) | 2013-11-19 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US8590025B2 (en) | Techniques for accessing a backup system | |
JP6556943B2 (en) | Single sign-on method for appliance secure shell | |
US10033717B2 (en) | Terminal single sign-on configuration, authentication method, and system, and application service system thereof | |
JP2019197561A (en) | Rolling security platform | |
EP2955651A1 (en) | Methods and systems for managing license distribution for software | |
US9401905B1 (en) | Transferring soft token authentication capabilities to a new device | |
US9088562B2 (en) | Using service request ticket for multi-factor authentication | |
US20110010708A1 (en) | System and method for transporting configuration parameters | |
WO2015103992A1 (en) | Data processing method, apparatus, client, server and system | |
US11025425B2 (en) | User security token invalidation | |
US10346618B1 (en) | Data encryption for virtual workspaces | |
CN110717171B (en) | Access token management for state preservation and reuse | |
US9137094B1 (en) | Method for setting DNS records | |
CN108289074B (en) | User account login method and device | |
US20170149746A1 (en) | License utilization management system service suite | |
US20210073373A1 (en) | Automating password change management | |
WO2023079411A1 (en) | User device authentication gateway module | |
CN109948330B (en) | Method, device, equipment and storage medium for implementing application management service | |
CN108112268B (en) | Managing load balancers associated with auto-extension groups | |
US7730122B2 (en) | Authenticating a node requesting another node to perform work on behalf of yet another node | |
CN112035062B (en) | Migration method of local storage of cloud computing, computer equipment and storage medium | |
US11392397B2 (en) | Reconfiguration rate-control | |
WO2016155266A1 (en) | Data sharing method and device for virtual desktop | |
US20150271029A1 (en) | Activation management system and activation management method | |
CN107659621B (en) | RAID control card configuration method and device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AS | Assignment |
Owner name: IRON MOUNTAIN INFORMATION MANAGEMENT, INC., MASSAC Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:BHARADWAJ SUBRAMANYA, MANJUNATH;REEL/FRAME:026407/0720 Effective date: 20110516 |
|
AS | Assignment |
Owner name: AUTONOMY, INC., CALIFORNIA Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:IRON MOUNTAIN INCORPORATED;REEL/FRAME:029513/0863 Effective date: 20110602 |
|
AS | Assignment |
Owner name: IRON MOUNTAIN INCORPORATED, MASSACHUSETTS Free format text: CORRECTIVE ASSIGNMENT TO CORRECT THE ASSIGNEE NAME PREVIOUSLY RECORDED ON REEL 026407 FRAME 0720. ASSIGNOR(S) HEREBY CONFIRMS THE ASSIGNMENT;ASSIGNOR:SUBRAMANYA, MANJUNATH BHARADWAJ;REEL/FRAME:032342/0964 Effective date: 20130924 |
|
STCF | Information on status: patent grant |
Free format text: PATENTED CASE |
|
FPAY | Fee payment |
Year of fee payment: 4 |
|
AS | Assignment |
Owner name: ENTIT SOFTWARE LLC, CALIFORNIA Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:AUTONOMY, INC.;REEL/FRAME:042660/0373 Effective date: 20170410 |
|
AS | Assignment |
Owner name: JPMORGAN CHASE BANK, N.A., DELAWARE Free format text: SECURITY INTEREST;ASSIGNORS:ENTIT SOFTWARE LLC;ARCSIGHT, LLC;REEL/FRAME:044183/0577 Effective date: 20170901 Owner name: JPMORGAN CHASE BANK, N.A., DELAWARE Free format text: SECURITY INTEREST;ASSIGNORS:ATTACHMATE CORPORATION;BORLAND SOFTWARE CORPORATION;NETIQ CORPORATION;AND OTHERS;REEL/FRAME:044183/0718 Effective date: 20170901 |
|
AS | Assignment |
Owner name: MICRO FOCUS LLC, CALIFORNIA Free format text: CHANGE OF NAME;ASSIGNOR:ENTIT SOFTWARE LLC;REEL/FRAME:050004/0001 Effective date: 20190523 |
|
MAFP | Maintenance fee payment |
Free format text: PAYMENT OF MAINTENANCE FEE, 8TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1552); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY Year of fee payment: 8 |
|
AS | Assignment |
Owner name: MICRO FOCUS LLC (F/K/A ENTIT SOFTWARE LLC), CALIFORNIA Free format text: RELEASE OF SECURITY INTEREST REEL/FRAME 044183/0577;ASSIGNOR:JPMORGAN CHASE BANK, N.A.;REEL/FRAME:063560/0001 Effective date: 20230131 Owner name: NETIQ CORPORATION, WASHINGTON Free format text: RELEASE OF SECURITY INTEREST REEL/FRAME 044183/0718;ASSIGNOR:JPMORGAN CHASE BANK, N.A.;REEL/FRAME:062746/0399 Effective date: 20230131 Owner name: MICRO FOCUS SOFTWARE INC. (F/K/A NOVELL, INC.), WASHINGTON Free format text: RELEASE OF SECURITY INTEREST REEL/FRAME 044183/0718;ASSIGNOR:JPMORGAN CHASE BANK, N.A.;REEL/FRAME:062746/0399 Effective date: 20230131 Owner name: ATTACHMATE CORPORATION, WASHINGTON Free format text: RELEASE OF SECURITY INTEREST REEL/FRAME 044183/0718;ASSIGNOR:JPMORGAN CHASE BANK, N.A.;REEL/FRAME:062746/0399 Effective date: 20230131 Owner name: SERENA SOFTWARE, INC, CALIFORNIA Free format text: RELEASE OF SECURITY INTEREST REEL/FRAME 044183/0718;ASSIGNOR:JPMORGAN CHASE BANK, N.A.;REEL/FRAME:062746/0399 Effective date: 20230131 Owner name: MICRO FOCUS (US), INC., MARYLAND Free format text: RELEASE OF SECURITY INTEREST REEL/FRAME 044183/0718;ASSIGNOR:JPMORGAN CHASE BANK, N.A.;REEL/FRAME:062746/0399 Effective date: 20230131 Owner name: BORLAND SOFTWARE CORPORATION, MARYLAND Free format text: RELEASE OF SECURITY INTEREST REEL/FRAME 044183/0718;ASSIGNOR:JPMORGAN CHASE BANK, N.A.;REEL/FRAME:062746/0399 Effective date: 20230131 Owner name: MICRO FOCUS LLC (F/K/A ENTIT SOFTWARE LLC), CALIFORNIA Free format text: RELEASE OF SECURITY INTEREST REEL/FRAME 044183/0718;ASSIGNOR:JPMORGAN CHASE BANK, N.A.;REEL/FRAME:062746/0399 Effective date: 20230131 |